[Bug 16918] Re: smartcard support is not enabled in openssh
This bug was fixed in the package openssh - 1:5.5p1-3ubuntu1 --- openssh (1:5.5p1-3ubuntu1) maverick; urgency=low * Resynchronise with Debian. Remaining changes: - Add support for registering ConsoleKit sessions on login. - Drop openssh-blacklist and openssh-blacklist-extra to Suggests; they take up a lot of CD space, and I suspect that rolling them out in security updates has covered most affected systems now. - Convert to Upstart. The init script is still here for the benefit of people running sshd in chroots. - Install apport hook. * Stop setting OOM adjustment in Upstart job; sshd does it itself now. openssh (1:5.5p1-3) unstable; urgency=low * Discard error messages while checking whether rsh, rlogin, and rcp alternatives exist (closes: #579285). * Drop IDEA key check; I don't think it works properly any more due to textual changes in error output, it's only relevant for direct upgrades from truly ancient versions, and it breaks upgrades if /etc/ssh/ssh_host_key can't be loaded (closes: #579570). openssh (1:5.5p1-2) unstable; urgency=low * Use dh_installinit -n, since our maintainer scripts already handle this more carefully (thanks, Julien Cristau). openssh (1:5.5p1-1) unstable; urgency=low * New upstream release: - Unbreak sshd_config's AuthorizedKeysFile option for $HOME-relative paths. - Include a language tag when sending a protocol 2 disconnection message. - Make logging of certificates used for user authentication more clear and consistent between CAs specified using TrustedUserCAKeys and authorized_keys. openssh (1:5.4p1-2) unstable; urgency=low * Borrow patch from Fedora to add DNSSEC support: if glibc 2.11 is installed, the host key is published in an SSHFP RR secured with DNSSEC, and VerifyHostKeyDNS=yes, then ssh will no longer prompt for host key verification (closes: #572049). * Convert to dh(1), and use dh_installdocs --link-doc. * Drop lpia support, since Ubuntu no longer supports this architecture. * Use dh_install more effectively. * Add a NEWS.Debian entry about changes in smartcard support relative to previous unofficial builds (closes: #231472). openssh (1:5.4p1-1) unstable; urgency=low * New upstream release (LP: #535029). - After a transition period of about 10 years, this release disables SSH protocol 1 by default. Clients and servers that need to use the legacy protocol must explicitly enable it in ssh_config / sshd_config or on the command-line. - Remove the libsectok/OpenSC-based smartcard code and add support for PKCS#11 tokens. This support is enabled by default in the Debian packaging, since it now doesn't involve additional library dependencies (closes: #231472, LP: #16918). - Add support for certificate authentication of users and hosts using a new, minimal OpenSSH certificate format (closes: #482806). - Added a 'netcat mode' to ssh(1): "ssh -W host:port ...". - Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian package, this overlaps with the key blacklisting facility added in openssh 1:4.7p1-9, but with different file formats and slightly different scopes; for the moment, I've roughly merged the two.) - Various multiplexing improvements, including support for requesting port-forwardings via the multiplex protocol (closes: #360151). - Allow setting an explicit umask on the sftp-server(8) commandline to override whatever default the user has (closes: #496843). - Many sftp client improvements, including tab-completion, more options, and recursive transfer support for get/put (LP: #33378). The old mget/mput commands never worked properly and have been removed (closes: #270399, #428082). - Do not prompt for a passphrase if we fail to open a keyfile, and log the reason why the open failed to debug (closes: #431538). - Prevent sftp from crashing when given a "-" without a command. Also, allow whitespace to follow a "-" (closes: #531561). * Fix 'debian/rules quilt-setup' to avoid writing .orig files if some patches apply with offsets. * Include debian/ssh-askpass-gnome.png in the Debian tarball now that we're using a source format that permits this, rather than messing around with uudecode. * Drop compatibility with the old gssapi mechanism used in ssh-krb5 << 3.8.1p1-1. Simon Wilkinson refused this patch since the old gssapi mechanism was removed due to a serious security hole, and since these versions of ssh-krb5 are no longer security-supported by Debian I don't think there's any point keeping client compatibility for them. * Fix substitution of ETC_PAM_D_SSH, following the rename in 1:4.7p1-4. * Hardcode the location of xauth to /usr/bin/xauth rather than /usr/bin/X11/xauth (thanks, Aron Griffis; closes: #575725,
[Bug 16918] Re: smartcard support is not enabled in openssh
** Branch linked: lp:ubuntu/openssh -- smartcard support is not enabled in openssh https://bugs.launchpad.net/bugs/16918 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 16918] Re: smartcard support is not enabled in openssh
Changes in version 5.4. [...] * Remove the libsectok/OpenSC-based smartcard code and add support for PKCS#11 tokens. This support is automatically enabled on all platforms that support dlopen(3) and was inspired by patches written by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages. [...] http://www.openssh.com/txt/release-5.4 -- smartcard support is not enabled in openssh https://bugs.launchpad.net/bugs/16918 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 16918] Re: smartcard support is not enabled in openssh
** Changed in: openssh (Debian) Status: New => Fix Released -- smartcard support is not enabled in openssh https://bugs.launchpad.net/bugs/16918 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 16918] Re: smartcard support is not enabled in openssh
** Changed in: openssh (Debian) Status: Fix Released => New -- smartcard support is not enabled in openssh https://bugs.launchpad.net/bugs/16918 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 16918] Re: smartcard support is not enabled in openssh
** Changed in: openssh (Debian) Status: New => Fix Released -- smartcard support is not enabled in openssh https://bugs.launchpad.net/bugs/16918 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 16918] Re: smartcard support is not enabled in openssh
** Branch linked: lp:debian/sid/openssh -- smartcard support is not enabled in openssh https://bugs.launchpad.net/bugs/16918 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 16918] Re: smartcard support is not enabled in openssh
** Branch linked: lp:~cjwatson/openssh/debian -- smartcard support is not enabled in openssh https://bugs.launchpad.net/bugs/16918 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 16918] Re: smartcard support is not enabled in openssh
On Thu, Feb 11, 2010 at 12:42:35AM -, J. Javier Maestro wrote: > Can't anyone follow the suggestion of creating an extra openssh- > smartcard-opensc and openssh-smartcard-pkcs11 that would use the opensc > flag or the pkcs11 patch mentioned in this bug? > > If there is no serious reason to avoid it, why is this bug open since > 2005??? Come on! An experienced Debian / Ubuntu developer could have > done the package in no time at all! There was a serious reason, even if you don't agree with it - combinatorial package explosion for each possible option is not a good thing, and in the long run it creates confusion. "Oh, I just needed to install openssh-smartcard-opensc-hap-krb5-noavahi and then it all worked." This is the sort of thing that experienced Debian/Ubuntu developers learn to think about, because they have the experience of painting themselves into corners in the past and then having trouble getting themselves (and their users) out of it. Fortunately, upstream's smartcard support has been overhauled to use dynamically loaded PKCS#11 tokens. In the packages of OpenSSH 5.4 (Lucid+1, I'm afraid), we'll be able to have this enabled by default, which will fix this long-standing bug. -- smartcard support is not enabled in openssh https://bugs.launchpad.net/bugs/16918 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 16918] Re: smartcard support is not enabled in openssh
invalidated opensc tasks ** Changed in: opensc (Debian) Status: New => Invalid ** Changed in: opensc (Ubuntu) Status: New => Invalid -- smartcard support is not enabled in openssh https://bugs.launchpad.net/bugs/16918 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 16918] Re: smartcard support is not enabled in openssh
Can't anyone follow the suggestion of creating an extra openssh- smartcard-opensc and openssh-smartcard-pkcs11 that would use the opensc flag or the pkcs11 patch mentioned in this bug? If there is no serious reason to avoid it, why is this bug open since 2005??? Come on! An experienced Debian / Ubuntu developer could have done the package in no time at all! Could you listen to us, please? Or at least provide a satisfactory answer. Mentioning the "dependency hell" surely is not enough (not even by far!!!) when other options such as extra packages exist (and are already in use for other packages). So, again, PLEASE, do help us and compile it with smartcard support. Thank you. -- smartcard support is not enabled in openssh https://bugs.launchpad.net/bugs/16918 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 16918] Re: smartcard support is not enabled in openssh
** Also affects: opensc (Ubuntu) Importance: Undecided Status: New ** Also affects: opensc (Debian) Importance: Undecided Status: New -- smartcard support is not enabled in openssh https://bugs.launchpad.net/bugs/16918 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 16918] Re: smartcard support is not enabled in openssh
By the way, most of us only need --with-opensc and opensc libraries so why beg during years for such a common feature. -- smartcard support is not enabled in openssh https://bugs.launchpad.net/bugs/16918 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 16918] Re: smartcard support is not enabled in openssh
I have been using Debian GNU/Linux for 10 years. I really need smartcard support to secure my SSH and StrongSwan communications. As written before, smartcard are really secure technologies. You can buy used smartcard readers on eBay for less than 10 euros. So please add smartcard support to Openssh. -- smartcard support is not enabled in openssh https://bugs.launchpad.net/bugs/16918 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 16918] Re: smartcard support is not enabled in openssh
smartcard are the state of the art secure technology since 5-10 years please enable it for ssh -- smartcard support is not enabled in openssh https://bugs.launchpad.net/bugs/16918 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 16918] Re: smartcard support is not enabled in openssh
I wish smartcard support too, an heavy floor version of ssh would be great ! Surprisingly it's easier to use smartcards with gentoo than with ubuntu :( ... -- smartcard support is not enabled in openssh https://bugs.launchpad.net/bugs/16918 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 16918] Re: smartcard support is not enabled in openssh
Why do not handle like situation in exim4: One light flavour w/o Smartcard support and a heavy flavour with all features (and a lot of additional packages) ? -- smartcard support is not enabled in openssh https://bugs.launchpad.net/bugs/16918 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs